SEPPmail Secure Email Gateway: Malicious PDFs Can Execute OS Commands

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.5

SEPPmail Secure Email Gateway: Malicious PDFs Can Execute OS Commands

CVE-2026-27441

Summary

A security issue in older versions of SEPPmail Secure Email Gateway can allow attackers to execute malicious code on the system by sending a specially crafted PDF email. This vulnerability can lead to unauthorized access and data theft. Update to version 15.0.1 or later to fix the issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
seppmail	seppmail	<= 15.0.1	–

Original title

SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution.

Original description

SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution.

nvd CVSS3.1 9.8

nvd CVSS4.0 9.5

Vulnerability type

CWE-78 OS Command Injection

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerabili... Vendor Advisory

Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026